Pop-ups at popular torrent trackers serving W32/Casonline adware

Everyone knows that there’s no such thing as free lunch. The same goes for freely distributed pirated content online.

Recently, Webroot decided to sample malicious activity within some of the most popular Eastern European torrent trackers, based in Bulgaria, Ukraine, and Romania for starters. The results? Countless backdoored key generators and cracks for popular games and software, and most interestingly, monetization of the huge traffic by delivering pop-ups promoting the ubiquitous W32/Casonline adware, which in case you remember was recently spamvertised to millions of end and corporate users.

More details:

Upon visiting the torrent trackers, or clicking on any of the torrents links, on the majority of occasions the tracker’s users will be exposed to pop ups enticing them into downloading third-party online gambling software which in reality is the W32/Casonline adware. The owners of the torrent tracker earn revenue every time a user downloads and installs the application.

Screenshot of a pop-up enticing users into downloading W32/Casonline adware:

Second screenshot of a pop-up enticing users into downloading W32/Casonline adware:

Third screenshot of a pop-up enticing users into downloading W32/Casonline adware:

[…] In this post, I’ll profile several prolific spam campaigns attempting to trick users into visiting a bogus web site, and downloading a copy of the potentially unwanted application (PUA) most commonly known as W32/Casonline. […]